Concurrency Theory: Lecture 3, 21 August 2019
----------------------------------------------

Confusion

- Was a conflict resolved? Occurrence of an independent transition
  creates/removes a conflict.

  Conflict(t,M) = { t' | M--t--> and M--t'--> and t,t' in conflict}

  Confusion occurs when M --t'-->M' and for some t independent of
  t', Conflict(t,M) =/= Conflict(t,M').

- Conflict set can either grow or shrink (or both)

- Two fundamental types of confusion, symmetric and asymmetric

- Confusion reflects interaction between concurrency and conflict
  (choice) and is one of the reasons why analysis of concurrent
  systems is harder than sequential systems

Free choice nets

- Avoid confusion by restricting net structure

- If Pre(t) and Pre(t') intersect, then Pre(t) = Pre(t').

- Can derive stronger decidability/algorithmic results for free
  choice nets: empirical evidence that lack of confusion simplifies
  analysis.

Deadlock and liveness

- M is deadlocked (or "dead") if no t is enabled at M.

- t is dead at M if t is not enabled in Reach(M)

- t is live at M if it is not dead at any marking in Reach(M)

  For all M' in Reach(M), there exists M" in Reach(M') such that
  M" --t-->

- A net is live at M if all transitions are live at M

Many early results in Petri net theory focus on characterizations of
live and safe initial markings for nets

Reachability

Is M in Reach(Min)?

- Decidable, but proof is hard: no bound on size of intermediate
  markings in path from Min to M

- Linear algebraic approach: vector addition systems:

  - For a finite net with n places, a marking is a vector
    (m1,m2,..,mn)

  - Each transition is a change vector (delta1,delta2,..,deltan)

  - Effect of t at M is given by M+t. Effect of a sequence only
    depends on the number of occurrences of each type of transition.

  - Represent a net by an initial vector Min and change vectors
    {t1,t2,...,tk}. Reachability of M implies there exist
    j1,j2,...,jk such that

      M = Min + j1*t1 + j2*t2 + ... + jk*tk

  - This is necessary but not sufficient: a solution may exist but
    the ji's may not yield a feasible firing sequence ---
    intermediate marking may drop below 0 for some place

  - Nevertheless, original proof of decidability of reachability
    heavily uses linear algebra. More recent proofs try to find
    alternative "simpler" arguments.

- Algorithmic complexity of reachability

  - EXPSPACE-hard (Lipton)

  - Non-primitive recursive upper bound (Leroux and Schmitz)

  - Nonelementary lower bound, 2018 (Czerwinski et al)

Coverability

- Compare markings component-wise: M <= M' if M(p) <= M'(p) for all
  p in P

- M' covers M if M' >= M

- Coverability question: Given M, does there exist M' in Reach(Min)
  such that M' covers M?

- Why is this useful? Firing rule for nets is monotonic with respect
  to markings.

  If M--t--> and M' >= M, then M'--t--> as well.

  In fact, a stronger statement holds:

  If M--t-->M1 and M' >= M, then M'--t-->M1' and M1' >= M1.

- "Bad" markings are typically characterized in terms of the
  transitions they enable (e.g. in mutual exclusion, access to the
  critical section is simultaneously enabled in both processes).
  If M is bad and M' >= M, M' is also bad.

- If we find M' in Reach(Min) that covers a bad marking M, we have
  an unsafe behaviour (though M may not be precisely reachable).
  If no such M' exists, it also implies M itself is unreachable, so
  the behaviour is safe.

----------------------------------------------------------------------
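Added example (not part of the lecture notes): the coverability question above, decided by a backward search that relies only on the monotonicity of the firing rule. The two mutual-exclusion nets, the place order and the names MUTEX, BROKEN, M_IN and BAD are constructed for illustration.

```python
# Added example: backward coverability check for a Petri net.
# A transition is a pair (pre, post) of vectors indexed by place.

def leq(a, b):
    """Component-wise order on markings: a <= b."""
    return all(x <= y for x, y in zip(a, b))

def min_pred(m, pre, post):
    """Least marking that enables t and whose t-successor covers m."""
    return tuple(p + max(0, x - q) for x, p, q in zip(m, pre, post))

def coverable(m_init, target, transitions):
    """True iff some M' in Reach(m_init) covers target."""
    # basis = minimal elements of the upward-closed set of markings
    # from which a marking covering target can be reached.
    basis = [tuple(target)]
    work = [tuple(target)]
    while work:
        m = work.pop()
        for pre, post in transitions:
            cand = min_pred(m, pre, post)
            if any(leq(b, cand) for b in basis):
                continue  # cand already lies in the upward closure
            basis = [b for b in basis if not leq(cand, b)] + [cand]
            work.append(cand)
    return any(leq(b, m_init) for b in basis)

# Constructed net. Places: (idle1, crit1, idle2, crit2, lock)
ENTER1 = ((1, 0, 0, 0, 1), (0, 1, 0, 0, 0))
EXIT1 = ((0, 1, 0, 0, 0), (1, 0, 0, 0, 1))
ENTER2 = ((0, 0, 1, 0, 1), (0, 0, 0, 1, 0))
EXIT2 = ((0, 0, 0, 1, 0), (0, 0, 1, 0, 1))
# Faulty variant: process 2 enters without taking the lock.
ENTER2_NO_LOCK = ((0, 0, 1, 0, 0), (0, 0, 0, 1, 0))

M_IN = (1, 0, 1, 0, 1)   # both processes idle, lock free
BAD = (0, 1, 0, 1, 0)    # both processes in the critical section
MUTEX = [ENTER1, EXIT1, ENTER2, EXIT2]
BROKEN = [ENTER1, EXIT1, ENTER2_NO_LOCK, EXIT2]

if __name__ == "__main__":
    print("correct net covers BAD:", coverable(M_IN, BAD, MUTEX))
    print("faulty net covers BAD: ", coverable(M_IN, BAD, BROKEN))
```

In the faulty net the lock place is unbounded, so a forward enumeration of Reach(Min) never finishes, while the backward search still terminates because each step strictly enlarges an upward-closed set.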